Cybersecurity investigators have identified a new cyberattack campaign connected to the Russia-linked hacking group APT28, ...

A decade-old critical security vulnerability affects over 800,000 internet-exposed telnet servers, with reports of active ...

Patch meant to close a severe expression bug fails to stop attackers with workflow access Multiple newly disclosed bugs in ...

Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day, CVE-2026-21509, a security ...

CVE-2026-21962 is a critical (CVSS 10.0) vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy Plug-in for Apache HTTP Server and Microsoft IIS. An unauthenticated attacker with HTTP ...

Critical n8n v CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data.

If, like some 3 billion others worldwide, you use the Chrome web browser, you need to restart it now following this new ...

By the time of CVE's launch, ISS (later acquired by IBM) maintained a fully public VDB, as of August 1997. A company I helped ...

Patch Synology NAS now, a 9.8 flaw allows root by one command, and DSM 7.3.2 Update 1 blocks it for safer access.

Another round of critical Web Help Desk flaws highlights how SolarWinds’ legacy code and past breaches continue to haunt IT ...

Cybersecurity company FuzzingLabs has accused the Y Combinator-backed startup, Gecko Security, of replicating its vulnerability disclosures and backdating blog posts. According to the company, Gecko ...

Advanced application security testing startup Detectify AB today announced the launch of Alfred, a new system that uses artificial intelligence to autonomously source, prioritize and generate ...